Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    More on Regular Expressions

    If the regular expressions option was selected when creating a new template, or equivalently, if the line #conform use regular-expression is included at the top of a template, then regular expressions can be used when writing the compliance assessment rules. A typical rule that uses a regular-expression will use the “~=” wildcard operator as in the following example:

    if $( ~= "Lo*" then
    print "$( is a loopback interface"

    Some of the most basic and most commonly used regular expression syntax are as follows:


    Any single character. Note that to match a period exactly, precede the dot with a backslash, “\.”


    Zero or more instances of the previous character


    One or more of the previous character


    Zero or one of the previous character

    [ ]

    Any character from the set. [ch]at matches “cat” or “hat”


    Any character not in the set.

    ( )

    Groups patterns. (cat|hat) matches “cat” or “hat”


    Any character from a through z or A through Z, inclusive


    Any integer from 0 through 9, inclusive


    Used in front of a reserved regular expression character (such as “.” or “+”), to match that particular character. For example, to match “tacacs+” exactly, “tacacs\+” is required, as the plus sign has a special meaning in regular expression syntax.

    Because some users may accidentally confuse wildcards with regular expressions, the Compliance Assessment Tool automatically converts some statements, as shown in the following examples:

    • “ATM*” is automatically converted to “ATM.*” - “ATM*” also matches “AT”, which is in most cases unintended by the user.
    • “*ATM” is automatically converted to “.*ATM” - “*ATM” is actually illegal regular expression syntax.

    Note: When used in regular expressions, blank spaces are respected. They are not ignored.

    Some examples are shown below:

    ip address.*

    To match the ip address.


    To match the description.


    To match “tacacs+” exactly, instead of just “tacacs”

    version 12\..*

    To ensure the version begins with “12.”

    net .*00

    To ensure the net id ends with two zeros

    router eigrp (100|299)

    To match “router eigrp 100” or “router eigrp 299”

    tacacs-server host 192\.122\.[0-9]+\.[0-9]+

    To ensure the IP address is declared 192.122.x.y where x and y are integers.

    Modified: 2016-11-08